AETs

A New Reality

A New Breed of Security Risk

DEFINITION

In 2010, Stonesoft discovered and reported there were millions and millions of ways to bypass even the most advanced network security solutions.How?
By using Advanced Evasion Techniques, or AETs.AETs disguise exploits to bypass security devices. In the worst case, security devices remain blind to old and known exploits. If you do not have anti-evasion technology in place, AETs pose a major risk to your business continuity, data and critical systems.All Stonesoft products protect against AETs, including the new Evasion Prevention System – Stonesoft’s cost-effective “infrastructure patch” specifically for organizations that need peace of mind, fast.

AETs are any evasive hacking techniques that allow an intruder to bypass security detection during a network-based attack.Advanced Evasion Techniques

Stealth cyber attack methods that bypass network security

Stackable through simultaneous execution on multiple protocol layers

Capable of changing dynamically even during an attack

High number of evasion combinations and modifications

Not satisfactorily tested in published security device lab tests

If your network security device (NGFW, IDS, IPS or UTM) does packet or pseudo packet-based inspection across a limited number of protocols and network layers – with signature pattern matching – you are vulnerable to AETs.

Are You Secure?

A false sense of security

Key security players, like Gartner, NSS Labs and ISCA Labs, recognize that AETs are real and can pose a serious threat. But security vendors are still ignoring or downplaying the issue.AETs expose a fundamental design flaw in security devices, despite vendors promising 100% protection.The industry has created an illusion of security that puts businesses and lives at risk. This has to end.

Are you concerned?
AETs are an access all areas pass and most organizations are vulnerable to AETs – but just not aware of it. Finding an actual malicious payload might be straightforward, but detecting AETs requires that all traffic is recorded and analyzed carefully. Does your security detect AETs?

Are you vulnerable?
If you have not deployed Stonesoft security solutions that use full stack, multilayer traffic normalization before stream-based data inspection and detection – then you are probably vulnerable to AET-borne attack. Have you made real-world tests?Can you be sure?
Download and run an Evader test now. Evader is the free ready-made evasion test lab – immediately find out if your current devices are vulnerable in the real world.

Stonesoft is the undisputed leader in AET research and protection. We are years ahead of the competition in anti-evasion technology.
Our edge is our 24/7, automated evasion testing environment – that runs 1-2 million AET test runs every day – and our dedicated team that collaborates with academics and test labs.
If your organization has data assets of value to cyber criminals, you could be a target for AET-borne stealth attacks.